Closed Bug 166869 Opened 22 years ago Closed 19 years ago

LDAP auth needs usability work

Categories

(MailNews Core :: LDAP Integration, enhancement)

Product:
MailNews Core
Component:
LDAP Integration
Platform:
x86
Windows 2000
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED EXPIRED

People

(Reporter: francis+mozilla, Assigned: srilatha)

References

Details

I now know that Mozilla supports LDAP auth; but I wasn't able to figure that out
until I spent an hour or so reading through bugzilla.  It's not mentioned in the
help, and it's obscure in the UI.  The relevant UI element is a "Bind DN" field
in the Directory Server Properties dialog.  I didn't fill this out when I first
tried to set up LDAP, because I was using Netscape 7.0PR1, which didn't have it.
 When I tried to search against the LDAP server, I kept getting told "0
entries".   I upgraded to Mozilla 1.1, but didn't notice the "Bind DN"
field--nor would I have known what it meant if I had.  My IS guys managed to
establish that Outlook Express could do the search if it was given a username
and password; I tried it, and they were right, so I just assumed that Mozilla
couldn't do LDAP auth.  I came to bugzilla to report it; I searched first, of
course, and found a whole slew of bugs about it, which seem to say that it had
been implemented.  I looked at the UI spec
(http://www.mozilla.org/mailnews/specs/addressbook/#Directory), and it showed a
"Log in with user name and password" checkbox, which wasn't in the UI I had.  I
thought maybe I was picking up an old version of the chrome, so I dug into
messenger.jar, and found pref-add-directory.xul, with a control named "login",
which sounded right.  I finally figured out that this was the "Bind DN" field,
and it wanted the equivalent of a username.  I had no hope of guessing my actual
DN, but I remembered something from one of the bugs I'd looked at that suggested
I might be able to put in just a login name.  So I did NTDOMAIN\username, and
that worked.

This *really* needs to be easier to use.  At a minimum, "Bind DN" should be
replaced by something comprehensible, and the help file should be updated.  If
the user doesn't provide a Bind DN, and bind fails, you should prompt for
username & password, just like you do for HTTP.  I realize that, according to
the helpfile, your model is that admins will set up LDAP bindings for users; but
that's not going to happen in a lot of places--it needs to be possible for
people to try out Mozilla without admin support, so they can come to their
admins and say, "This is a good program; you should support it".  And even
admins need usability; they shouldn't have to spend an hour grovelling through
bug reports and XUL to figure out what's going on.

Sorry for going on about this, but I'd hate to think that all the effort you
guys put in on LDAP might be wasted because nobody can figure it out.
Blocks: 148891
I use Mozilla 1.1 and wasn't even able to get LDAP working. The ldap server we
hit does not require logging in, so I do not know what to put into the Bind DN
Field. (Putting my username did not work).

Besides that, this dialog definately needs usability fixes. Once you create an
LDAP Directory (using the File->New->LDap directory) from the address book and
hit ok, there is no way to get back to the dialog. I had to create a new one
everytime I tried changing my ldap parameters. I have no clue what happened to
all the other ldap directories i have created, or how do I delete them.

My $0.02 worth.....

Jalpesh.
If you don't use LDAP auth, the hard part is knowing what to use for the base
DN. If your domain is example.com, you might try "dc=example,dc=com"; that's
what worked for me.

To edit an existing LDAP server, you can either go into Preferences -> Mail &
News -> Addressing, and click on "Edit directories", or open the Address Book
dialog, select the directory, and click on Properties.
QA Contact: yulian → gchan
Product: MailNews → Core
I can confirm the original comments on this bug using Windows XP SP2 and
Thunderbird 1.0 RC1.  Like the original reporter, I was attempting to use the
LDAP feature in Thunderbird with authentication, but couldn't get it to return
results.  Once I put domain/username in the Bind DN, the next time I initated a
search on the directory, it prompted for my password (using the Password
Manager) and the search results worked.  This option definately needs some UI
cleanup to make it more friendly, especially for end-users.
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/

This bug has been automatically resolved after a period of inactivity (see above
comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → EXPIRED
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.